CVE-2016-10308
Last modified
CVE-2016-10308 is a vulnerability of currently unknown severity. Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it.. EPSS estimates a 2.94% chance of exploitation in the next 30 days.
Description
Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siklu | Etherhaul Firmware | <= 3.7.0 |
| Siklu | Etherhaul Firmware | 6.0 |
References
- http://blog.iancaling.com/post/145309944453Exploit, Third Party Advisory
- http://www.securityfocus.com/bid/97243Third Party Advisory, VDB Entry
- http://blog.iancaling.com/post/145309944453Exploit, Third Party Advisory
- http://www.securityfocus.com/bid/97243Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-10308?
How severe is CVE-2016-10308?
How do I fix CVE-2016-10308?
Are you affected by CVE-2016-10308?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST